Data Protection Declaration

WINTERSTEIGER places great importance on protecting your personal data. Since data protection at WINTERSTEIGER is thus also a high priority, your personal data is handled in accordance with the valid data protection regulations (Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (GDPR), Data Protection Act 2018 (DPA 2018), Austrian Telecommunications Act 2003 (TKG 2003)).

In the following, we will inform you about the processing operations related to your personal data within the framework of our online content and our website.

Using the contact details listed above, you can contact our data protection officer who will be happy to help you with any questions relating to data protection and rights of the affected.

Data Processing – General Information

We process your personal data in a responsible manner and in accordance with the relevant data protection regulations.

Personal data is only collected if you provide it, for example, over the course of an online order, an inquiry form, or a registration.

Personal data is only passed on to third parties in accordance with legal regulations. We only pass on users’ personal data to third parties if this is required for the contract according to Art. 6 Sec. 1 Clause b GDPR, or within the framework of legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (economic and effective business operations).

Processing Personal Data during a Visit to our Website

You can always visit our website without providing personal information. When you access our website, the following information is collected and temporarily stored in a web server logfile:

The IP address of the requesting web-enabled device

The time and date of access

The quantity of transferred data in bytes

The name and the URL of the file retrieved

The website/application from which our website was accessed (referrer URL)

Your browser and potentially the operating system of your web-enabled device

We have no influence on automated data storage. The data collected will not allow for any direct conclusions about your identity, and we will not draw any conclusions.

We use the data mentioned above for the following purposes:

Establishing a smooth connection

Ensuring the website is convenient to use

Assessing the system security and stability

Statistical assessment of the data to optimize our online presence and the associated technology

The data mentioned above is stored for 120 weeks and backed up for another six months.

According to Art. 6 Sec. 1 Clause f GDPR, the legal basis for processing the listed data is our legitimate interest which results from the purposes listed above.

Contacting Us

When you contact us (via the contact form or email), the personal data you provide to process and handle the contact inquiry or to initiate and fulfill a contract is processed to carry out pre-contractual measures according to the legal basis of Art. 6 Sec. 1 Clause b GDPR.

When you contact us using the contact forms on the website, we process the following personal data:

Company

Form of address

Title (optional), First name, Surname

Email address

Address

Telephone number, fax

Website

Your individual message

Your details are stored in our customer relationship management system (CRM system) or a similar inquiry set-up.

We use the CRM system from the supplier SAP based on our legitimate interests (efficient and quick processing of user inquiries). To this end, we have arranged a contract with the supplier according to Art. 28 GDPR, whereby the supplier is obliged to process user data strictly in accordance with our instructions and while complying with the EU data protection level.

The data is processed for the duration of the business relationship initiation. Should the business relationship end, the data shall be stored for a duration of 30 years following the end of the business relationship due to the applicable legal provisions and retention requirements (§ 1489 Austrian General Civil Code).

Online shop

You can order WINTERSTEIGER products via the WINTERSTEIGER online shop. Any data processing relating to this is explained in the online shop data protection declaration.

Newsletter

You can receive information about our products and services as well as new developments via our newsletter.

You have the option to subscribe to our newsletter on our website. We process the following personal data when you subscribe to our newsletter:

Company (optional)

Form of address

Title (optional), First name, Surname

Email address

Address

Telephone number (optional)

The data is used for the purpose of sending newsletters about product news, customer applications, training and service offers, events and trade fairs, and company news.

We process your data to send the newsletter based on your consent according to Art. 6 Sec. 1 Clause a GDPR and based on our legitimate interest according to Art. 6 Sec. 1 Clause f GDPR within the scope of an existing customer relationship to inform you about new products, customer applications, training and service offers, events and trade fairs, and company news.

We use the software “Phillit” from the supplier abm Feregyhazy & Simon GmbH, Unterhaidstraße 17, 4050 Traun, Austria to send and analyze our newsletter based on our legitimate interest according to Art. 6 Sec. 1 Clause f GDPR (efficient and quick processing of user inquiries). This software records the opening and click rate. More specifically, it tracks the following information: Time window of the notification and which link was clicked.

Receiving our newsletter is voluntary, and our performance of services does not depend on your receipt consent or revocation.

Your data is stored until you revoke your consent / unsubscribe from the newsletter. Furthermore, only the absolutely necessary data is stored due to the applicable legal provisions and retention requirements for the purpose of verifying your consent or your revocation.

Revocation/unsubscribing: You can revoke your consent to receiving the newsletter in the future at any time by emailing datenschutz@wintersteiger.at. You also have the option to unsubscribe to the newsletter at any time via email or by clicking on the link at the bottom of each newsletter. You will then be immediately removed from the mailing list.

Data Security

If we receive your personal data, for example over the course of an order, it will be encrypted using the SSL process (secure socket layer). The SSL process distorts your data before it is sent to the WINTERSTEIGER server so that a third party is unable to reconstruct it. This encryption process also ensures that your data is only sent to the server from which it was requested. You can find additional information under SSL Encryption.

For that matter, we will provide you with appropriate technical and organizational security measures to protect the personal data we store and to secure against loss, destruction, access, modification, and distribution by unauthorized persons, taking into account the state of the art, the implementation costs, as well as the nature, scope, circumstances and purposes of the processing and the likelihood and severity of the risk to the rights and freedoms of individuals. Our security measures are continuously improved according to technological advancements.

Cookies

We use cookies on this website which facilitate internet usage and communication. Cookies are small text files that our website sends to your browsers and are saved on your device.

Our website uses two types of cookies. One reason for our use of cookies is to make the use of our services more comfortable for you. We therefore use session cookies to detect whether you have already visited individual pages on our website. These remain in your browser’s cookie file until you leave our website and are automatically deleted at the end of your visit. The second type we use are long-term cookies which are stored for a specified time period to improve user friendliness and enable our website to recognize your browsers next time you visit. Should you visit our website again to make use of our services, it will automatically detect that you have visited the website before and it will recall the entries and settings you configured, so you won’t have to enter these again. The storage period for the cookies depends on your purpose of use and is not the same for all users.

You can configure your browser to inform you about cookie usage so you can make individual decisions about accepting cookies, or prevent the acceptance of cookies in specified cases or in general. However, disabling cookies may lead to a limitation of our website’s functionality.

We will inform you about the usage or setting of cookies using a cookie banner. By continuing on to our website following the receipt of the cookie banner information, you consent to us setting cookies.

The legal basis for the setting of cookies is our legitimate interest in offering online services and optimizing our website in accordance with Art. 6 Sec. 1 Clause f GDPR.

Google Analytics uses “cookies”, which are text files stored in your device and which enable an analysis of your website usage. The information gathered via the cookie about your usage of this website is generally transferred to a Google server in the USA and stored there. Activating IP anonymization on our website results in your IP address being shortened by Google within Member States of the European Union or in other states party to the Agreement on the European Economic Area before processing continues. Your IP address is only sent to a Google server in the USA and shortened there in exceptional cases. Google will use this information on our behalf to analyze your use of the website, to create reports about website activities, and to provide additional services related to website activity and internet usage to the website operator. The IP address communicated by your browser over the course of Google Analytics is not combined with other Google data.

You can prevent the storage of cookies by configuring your browser software accordingly. However, please note that as a result, you may be unable to make full use of all the functions on this website. In addition, you can prevent Google’s collection and processing of data generated by the cookie related to your website usage (including your IP address) by downloading the browser add-on under the following Google deactivation link (http://tools.google.com/dlpage/gaoptout?hl?=de). You can find additional information about the security and general principles of data protection related to Google Analytics on the following website: https://support.google.com/analytics/answer/6004245?hl=de.

The data is stored for 50 months.

The legal basis for our use of Google Analytics is our legitimate interest according to Art. 6 Sec. 1 Clause f GDPR. The analysis of website usage and the statistical evaluation is carried out to improve website content and make it more user friendly.

This technology enables us to reach out in a targeted manner to internet users who have expressed an interest in our website and our products and present them with a personalized, interest-based advertisement. The overlay of interest-based advertising material is based on cookie technology and an analysis of previous usage. Google uses cookies – small files stored on your device – for this purpose. Cookies store information which enables us to individually adapt the advertisement displayed to your stored data. If you would not like to receive any interest-based advertisements, you can deactivate Google’s storage of cookies on the following page: http://www.google.com/settings/ads/. Alternatively, you can deactivate the use of cookies by third parties by accessing the following deactivation page of the network advertising initiative: http://www.networkadvertising.org/choices/. You can find additional information about Google data protection regulations on the following website: http://www.google.de/policies/privacy/.

Google AdWords

This website uses the online advertising program Google AdWords as well as Google Conversion Tracking, an analysis service provided by Google Inc., 1600 Amphitheatre Parkway Mountain View, CA 94043, USA, (“Google”). Google is certified under the European Commission’s adequacy resolution (Privacy Shield Agreement), thus providing a guarantee to comply with European data protection law.

To this end, Google uses cookies which are stored on your device if you accessed our website via a Google advertisement. These cookies are only valid for a limited time and are not used for personal identification. If you visit specific pages on our website, we and Google – provided the cookie has not yet expired – can detect that you accessed our website via a Google advertisement. Each Google AdWords customer receives a different cookie. Cookies therefore cannot be tracked via the AdWords customer websites. Conversion statistics are created using the data gathered via conversion cookies. This allows us to gather information about the total number of users who accessed a site with a conversion tracking tag via an advertisement. However, we do not receive any personal information through which individual users could be identified. If you would like to prevent the tracking process, you can disable the storage of the required cookies by configuring your browser software accordingly. You can also deactivate cookies for Google Conversion Tracking by configuring your browser so that cookies from the domain “www.googleadservices.com” are blocked. You can find additional information about Google data protection regulations on the following website: http://www.google.de/policies/privacy/.

Integration of Third-Party Services and Content

Facebook

On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), we use social plugins (“plugins”) for the social network facebook.com operated by Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2, Ireland, (“Facebook”). The plugins include interaction elements and content (e.g., videos, graphics, or text posts) and can be recognized by one of the Facebook logos (white “f” on a blue tile, the term “Like” or a “thumbs up” symbol), or are marked with the phrase “Facebook Social Plugin”. The list and appearance of the Facebook Social Plugins can be seen here: https://developers.facebook.com/docs/plugins/.

Facebook is certified under the Privacy Shield Agreement, thus providing a guarantee to comply with European data protection law.

If a user activates a function of this online content which contains such a plugin, their device will establish a direct connection with the Facebook servers. The content of the plugin is directly transmitted from Facebook to the user’s device and integrated in the online content. During this process, user profiles can be created for the users using the processed data. We therefore have no influence on the scope of the data collected by Facebook using this plugin and thus inform users according to our knowledge base.

By integrating these plugins, Facebook receives the information that a user has accessed the respective site of the online content. If the user is logged onto Facebook, then Facebook can allocate the visit to their Facebook account. If users interact with the plugins, for example, to click the Like button or to leave a comment, the corresponding information is directly transmitted from their device to Facebook and stored there. Even if a user is not a member of Facebook, Facebook may still learn and save their IP address. According to Facebook, only an anonymized IP address is saved in Germany.

Information regarding the purpose and scope of the data collection as well as further processing and usage of the data by Facebook, as well as the related rights and configuration options to protect the user’s privacy can be found in Facebook’s data protection notice: https://www.facebook.com/about/privacy/.

If a user is a Facebook member and does not wish for Facebook to collect data about them through this online content and link it to their member data stored by Facebook, then they must log out of Facebook before using our online content and delete their cookies. Further settings and objections regarding the use of data for advertising purposes can be made via the Facebook profile settings: https://www.facebook.com/settings?tab=ads or via the American site http://www.aboutads.info/choices/ or via the EU sitehttp://www.youronlinechoices.com/. These settings are independent of the platform, i.e., they are adopted for all devices such as desktop computers and mobile devices.

By using this website, the user consents to the gathering, processing, and usage of automatically collected data as well as the data provided by the user (including the IP address) by Google, one of their representatives, or a third party.

On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), our website uses the Google Tag Manager. Website tags can be managed on one interface using this service. The Google Tag Manager only implements tags. It does not set cookies or gather personal information. The Google Tag Manager activates other tags which may gather data. The Google Tag Manager does not access this data. If a deactivation has been configured at the domain or cookie level, then this remains in place for all tracking tags insofar as these are implemented with the Google Tag Manager. You can find more information about the Google Tag Manager via the following link: http://www.google.de/tagmanager/use-policy.html

On the basis of our legitimate interests according to Art. 6 Sec. 1 Clause f GDPR (interest in the analysis, optimization, and economical operation of our online content), functions of the YouTube service are integrated in our website to display and replay videos. These functions are provided by YouTube, LLC 901 Cherry Ave. San Bruno, CA 94066 USA. You can find additional information in the YouTube data protection guidelines.

The extended data protection mode is used here, which only initiates storage of user information once the video(s) is/are played according to the supplier’s statement. Should the replay of integrated YouTube videos be started, YouTube will use cookies to gather information about user behavior. According to YouTube, these are used for purposes including recording video statistics, improving user friendliness, and preventing improper usage. Independently of whether the integrated videos are replayed, a connection to the Google network “DoubleClick” is established every time you access our website which could lead to further data processing operations without our influence.

Your Rights

We will naturally be happy to inform you about the processing of your personal data. According to the data protection regulations, you have the following rights and remedies as an affected person:

The right to information about your personal data which we have stored according to Art. 15 GDPR. To provide this information, we may require you to verify your identity in a suitable manner.

Right to the correction of incorrect personal data or the completion of incomplete personal data according to Art. 16 GDPR.

Right to the deletion of your personal data according to Art. 17 GDPR insofar as the reasons outlined in Art. 17 Sec. 1 Clause a to f GDPR (e.g. cessation of the reason for processing) exist and the processing of your personal data is not required according to Art. 17 Sec. 3 GDPR.

Right to the limitation of the processing of your personal data according to Art. 18 GDPR.

Right to data portability according to Art. 20 GDPR.

Right to the objection against the processing of your personal data according to Art. 21 GDPR.

Right to the revocation of the consent declarations granted according to Art. 7 GDPR.

Right to appeal: You have the right to appeal to a regulatory authority. You can generally contact the regulatory authority of your usual place of residence or work, or our company headquarters. In Austria, this is:

Austrian data protection authority

Wickenburggasse 8

1080 Vienna

Tel: +43 1 52 152-0

Email: dsb@dsb.gv.at

In order to assert your rights against WINTERSTEIGER, or in the event of any questions, please contact us:

Should you take action to enforce your GDPR-related rights as listed above, WINTERSTEIGER must respond to the application (or, if the legal requirements are met, comply with the application) no later than one month after receipt of your application for the requested measure.

Scope of application / links

This data protection declaration applies exclusively to WINTERSTEIGER websites. We have no influence on the layout or content of websites connected to our website via links and we are unable to control how the operators of the linked websites handle your information. As a result, our data protection declaration and our area of responsibility does not include their websites.